The popular forum site that hackers used to access employee computers at Apple and Facebook gave more details today on how the cyberattack happened.

The site's owner Ian Sefferman confirmed previous reports that hackers injected JavaScript into his site, iPhonedevsdk, and were then able to use a previously unknown exploit to access certain user's computers. He also said that the cyberattack most likely ended on January 30, 2013.

Apple revealed yesterday that hackers targeted computers used by its employees, but that "there was no evidence that any data left Apple." In a statement, the company said it discovered malware that made use of a vulnerability in a Java plug-in, and that it was sourced from a "website for software developers." Employee computers for Facebook and most likely dozens of other companies were also breached.

Here's more information from Sefferman:

What we've learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain user's computers.

We're still trying to determine the exploit's exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013.

As with Facebook, it's important to stress that we have no reason to believe user data was compromised.

Roughly 40 companies have been victims of cyberattacks during the past several months. At least some of these hacks are thought to have originated in Eastern Europe, according to a report yesterday by Bloomberg. The supposed goal of these hackers was to steal companies' secrets, research, and intellectual property, which could then be hawked on the black market.

However, it's still unclear if all of the companies were targeted by one group of hackers or if they were isolated incidents. "We're continuing to work with Facebook, Vanilla, other targeted companies, and law enforcement to find out who is behind this sophisticated attack," Sefferman wrote.

CNET is not linking to iPhonedevsdk because of the hack. The URL to Sefferman's blog post is: http://iphonedevsdk.com/forum/site-news-announcements/111889-iphonedevsdk-compromised-what-happened-and-how-we-are-dealing-with-it.html.

About the author

Dara Kerr is a staff reporter for CNET focused on the sharing economy and tech culture. She grew up in Colorado where she developed an affinity for collecting fool's gold and spirit animals.
See full bio